/**
* @Company 青鸟软通   
* @Title: AuthenticationFilter.java 
* @Package com.haier.isales.filter 
* @author John Zhao   
* @date 2014-11-6 下午4:27:05 
* @version V1.0   
*/ 
package com.jbinfo.qingcaowan.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** 
 * @ClassName: AuthenticationFilter 
 * @Description: 认证过滤器
 * @author John Zhao
 */
public class AuthenticationFilter implements Filter {
	
	//手机接口的前缀，以"/app/" 开头
    private static String exculdeUrlPre = "/app/" ;
    
	/**
	 * <p>Description: </p> 
	 * @author John Zhao   
	 * @date 2014-11-6 下午4:27:05 
	 * @param filterConfig
	 * @throws ServletException 
	 * @see javax.servlet.Filter#init(javax.servlet.FilterConfig) 
	 */
	@Override
	public void init(FilterConfig filterConfig) throws ServletException {

	}

	/**
	 * <p>Description: </p> 
	 * @author John Zhao   
	 * @date 2014-11-6 下午4:27:05 
	 * @param request
	 * @param response
	 * @param chain
	 * @throws IOException
	 * @throws ServletException 
	 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain) 
	 */
	@Override
/*	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,FilterChain filterChain) throws IOException, ServletException {
		final HttpServletRequest request = (HttpServletRequest) servletRequest;
        final HttpServletResponse response = (HttpServletResponse) servletResponse;
        final HttpSession session = request.getSession();
        String url = request.getRequestURI();
        //以/{client}/a开头的为忽略登录的url
        if (session.getAttribute(LoginContextUtil.LOGIN_CONTEXT) != null || url.startsWith("/pc/a/login")|| url.startsWith("/app/a")) {
            filterChain.doFilter(request, response);
            return;
        }
         调用接口时 , 判断开始 
         * 2014-11-3  Cao Rui
         * 当前请求为接口，并且assertion为空时，需要系统为用户进行一次登录操作
         * 在isales系统中,这些接口主要是针对手机端(后期可扩展移动端使用范围),为手机端封装dubbo接口,并转换为json形式的输出。
         * 判断规则 : request.getRequestURI()以/isalesInterface/开头(这些接口统一以/isalesInterface/开头)
         
        
        
        if (null != url && !url.equals("") && url.indexOf(exculdeUrlPre) == 0) {
        	if(url.indexOf("/app/a/login") == 0){
        		//是登录请求,并且当前没有assertion，正常请求登录接口, 进行登录
        		filterChain.doFilter(request, response);
        		return;
        	}else{
        		// 不是登录的请求；并且当前没有assertion，
        		// 直接由response或者request返回json，能够告知手机端重新登录
        		MobileInterfaceResult result = new MobileInterfaceResult();
        		result.setMassgae("用户未登录或过期，请登录");
        		result.setObjectCode("103");
        		String jsonResult = JSONObject.fromObject(result).toString();
        		response.setCharacterEncoding("GBK");
        		response.getWriter().write(jsonResult);
    			return ;
        	}
        }
         调用接口时 , 判断结束
        request.getRequestDispatcher("/login").forward(request, response);

	}*/
	
	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest) req;
		HttpServletResponse response = (HttpServletResponse) res;
//		HttpSession session = request.getSession();
		
	    response.setHeader("Access-Control-Allow-Origin", "*");
	    response.setHeader("Access-Control-Allow-Credentials", "true"); // 控制是否开启与Ajax的Cookie提交方式
	    response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
	    response.setHeader("Access-Control-Max-Age", "3600");
	    response.setHeader("Access-Control-Allow-Headers", "x-requested-with,content-type");
	    
	    String url = request.getRequestURI();
        //以/{client}/a开头的为忽略登录的url
	    if (null != url && !url.equals("") && url.indexOf(exculdeUrlPre) == 0) {
        	if(url.indexOf("/app/a/login") == 0){
        		//是登录请求,并且当前没有assertion，正常请求登录接口, 进行登录
        		chain.doFilter(request, response);
        		return;
        	}
	    }
	    //chain.doFilter(req, res);
	}

	/**
	 * <p>Description: </p> 
	 * @author John Zhao   
	 * @date 2014-11-6 下午4:27:05  
	 * @see javax.servlet.Filter#destroy() 
	 */
	@Override
	public void destroy() {
	}

}
